Cross-address space recursive ret2spec.

[asteinha]

Tested also on unpatched ARM (Cavium).

[asteinha]

Is there any opportunity for us to share code between this and ret2spec_cyclic rather than having two programs that are ~60% similar?

Do you have a concrete idea how to do it? They are similar, but not the same. The only exception that can be move to a shared file is the LeakByte function. That one works the same way in both.

[mmdriley]

Considering one case, ReturnFalse: the only difference between the _sa and _ca versions is what they do when the recursion limit is hit. The first just returns, the second calls sched_yield. There are a lot of ways we could condense them:

• Just use the sched_yield version in both cases, hope it doesn't mess with the same-address version too much
• Gate the sched_yield call behind a boolean global
• Or make that a parameter
• Have a global function pointer or std::function that ReturnFalse references, which either calls sched_yield or nothing.
• Or make that a parameter
• Define ReturnFalse as a templated function, and one of the template arguments is whether to call sched_yield
• Template, only the template argument is a function to call when recursion finishes. (This allows us to e.g. set that function SAFESIDE_ALWAYS_INLINE since the call is visible to the compiler.)

A similar analysis applies to ReturnsTrue. And, as you noted, LeakByte is the same for both.

There's a broad design space here, and I don't have one concrete answer for the best way to approach this. But I feel like there's a good chance the solution looks like: both demos share a lot of common functions, slightly tweaked for their use case.

[asteinha]

Fixed. Ready for re-review.

[asteinha]

The Travis failure is unrelated to this PR.